Skip to content

Use @vercel/cli-auth for auth token reading and OAuth refresh#1043

Merged
TooTallNate merged 2 commits into
mainfrom
02-13-use_vercel_cli-auth_for_auth_token_reading_and_oauth_refresh
Feb 13, 2026
Merged

Use @vercel/cli-auth for auth token reading and OAuth refresh#1043
TooTallNate merged 2 commits into
mainfrom
02-13-use_vercel_cli-auth_for_auth_token_reading_and_oauth_refresh

Conversation

@TooTallNate
Copy link
Copy Markdown
Member

@TooTallNate TooTallNate commented Feb 13, 2026

Replace the manual auth.json reading logic in the CLI with the @vercel/cli-auth package, which handles credential storage via CredentialsStore and OAuth token refresh via the OAuth client.

Previously, the CLI would read the token from disk but had no refresh logic — if the token was expired, API calls would fail.
Now, getAuthToken() checks token expiry and automatically refreshes it using the stored refresh token before returning it.

@TooTallNate
Use @vercel/cli-auth for auth token reading and OAuth refresh
7f5329f 
Replace the manual auth.json reading logic in the CLI with the `@vercel/cli-auth` package, which handles credential storage via CredentialsStore and OAuth token refresh via the OAuth client.

Previously, the CLI would read the token from disk but had no refresh logic — if the token was expired, API calls would fail.
Now, getAuthToken() checks token expiry and automatically refreshes it using the stored refresh token before returning it.
@changeset-bot
Copy link
Copy Markdown

changeset-bot Bot commented Feb 13, 2026
edited
Loading

🦋 Changeset detected

Latest commit: 8dbf9a9

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 14 packages
Name Type
@workflow/cli Patch
workflow Patch
@workflow/world-testing Patch
@workflow/core Patch
@workflow/builders Patch
@workflow/next Patch
@workflow/nitro Patch
@workflow/web-shared Patch
@workflow/astro Patch
@workflow/nest Patch
@workflow/rollup Patch
@workflow/sveltekit Patch
@workflow/vite Patch
@workflow/nuxt Patch

Not sure what this means? Click here to learn what changesets are.

Click here if you're a maintainer who wants to add another changeset to this PR

@TooTallNate TooTallNate marked this pull request as ready for review February 13, 2026 19:19
Copilot AI review requested due to automatic review settings February 13, 2026 19:19
@vercel
Copy link
Copy Markdown
Contributor

vercel Bot commented Feb 13, 2026
edited
Loading

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Actions Updated (UTC)
example-nextjs-workflow-turbopack Ready Ready Preview, Comment, Open in v0 Feb 13, 2026 9:21pm
example-nextjs-workflow-webpack Ready Ready Preview, Comment, Open in v0 Feb 13, 2026 9:21pm
example-workflow Ready Ready Preview, Comment, Open in v0 Feb 13, 2026 9:21pm
workbench-astro-workflow Ready Ready Preview, Comment, Open in v0 Feb 13, 2026 9:21pm
workbench-express-workflow Ready Ready Preview, Comment, Open in v0 Feb 13, 2026 9:21pm
workbench-fastify-workflow Ready Ready Preview, Comment, Open in v0 Feb 13, 2026 9:21pm
workbench-hono-workflow Ready Ready Preview, Comment, Open in v0 Feb 13, 2026 9:21pm
workbench-nitro-workflow Ready Ready Preview, Comment, Open in v0 Feb 13, 2026 9:21pm
workbench-nuxt-workflow Ready Ready Preview, Comment, Open in v0 Feb 13, 2026 9:21pm
workbench-sveltekit-workflow Ready Ready Preview, Comment, Open in v0 Feb 13, 2026 9:21pm
workbench-vite-workflow Ready Ready Preview, Comment, Open in v0 Feb 13, 2026 9:21pm
workflow-docs Ready Ready Preview, Comment, Open in v0 Feb 13, 2026 9:21pm
workflow-nest Ready Ready Preview, Comment, Open in v0 Feb 13, 2026 9:21pm
workflow-swc-playground Ready Ready Preview, Comment, Open in v0 Feb 13, 2026 9:21pm

@TooTallNate Graphite App
Copy link
Copy Markdown
Member Author

TooTallNate commented Feb 13, 2026

This stack of pull requests is managed by Graphite. Learn more about stacking.

@TooTallNate TooTallNate requested review from a team and removed request for Copilot February 13, 2026 19:20
@github-actions
Copy link
Copy Markdown
Contributor

github-actions Bot commented Feb 13, 2026
edited
Loading

📊 Benchmark Results

📈 Comparing against baseline from main branch. Green 🟢 = faster, Red 🔺 = slower.

workflow with no steps

💻 Local Development

World Framework Workflow Time Wall Time Overhead Samples vs Fastest
💻 Local 🥇 Express 0.032s (+14.9% 🔺) 1.005s (~) 0.974s 10 1.00x
💻 Local Nitro 0.033s (+2.2%) 1.005s (~) 0.972s 10 1.04x
💻 Local Next.js (Turbopack) 0.035s 1.005s 0.970s 10 1.11x
🌐 Redis Next.js (Turbopack) 0.043s 1.005s 0.961s 10 1.37x
🌐 MongoDB Next.js (Turbopack) 0.074s 1.007s 0.932s 10 2.34x
🐘 Postgres Express 0.137s (+49.3% 🔺) 1.011s (~) 0.874s 10 4.31x
🐘 Postgres Nitro 0.340s (+61.4% 🔺) 1.012s (~) 0.672s 10 10.73x
🐘 Postgres Next.js (Turbopack) 0.436s 1.009s 0.573s 10 13.76x

▲ Production (Vercel)

World Framework Workflow Time Wall Time Overhead Samples vs Fastest
▲ Vercel 🥇 Express 0.564s (-24.9% 🟢) 2.009s (-1.4%) 1.444s 10 1.00x
▲ Vercel Next.js (Turbopack) 0.600s (-13.1% 🟢) 2.053s (-4.1%) 1.453s 10 1.06x
▲ Vercel Nitro 0.612s (+2.0%) 2.052s (+2.9%) 1.440s 10 1.08x

🔍 Observability: Express | Next.js (Turbopack) | Nitro

workflow with 1 step

💻 Local Development

World Framework Workflow Time Wall Time Overhead Samples vs Fastest
💻 Local 🥇 Next.js (Turbopack) 1.086s 2.005s 0.919s 10 1.00x
💻 Local Express 1.105s (+2.4%) 2.006s (~) 0.901s 10 1.02x
💻 Local Nitro 1.107s (~) 2.005s (~) 0.898s 10 1.02x
🌐 Redis Next.js (Turbopack) 1.109s 2.006s 0.897s 10 1.02x
🌐 MongoDB Next.js (Turbopack) 1.296s 2.006s 0.710s 10 1.19x
🐘 Postgres Next.js (Turbopack) 1.815s 2.012s 0.197s 10 1.67x
🐘 Postgres Nitro 2.391s (-1.9%) 3.014s (~) 0.624s 10 2.20x
🐘 Postgres Express 2.460s (~) 3.014s (~) 0.554s 10 2.26x

▲ Production (Vercel)

World Framework Workflow Time Wall Time Overhead Samples vs Fastest
▲ Vercel 🥇 Express 2.377s (-1.1%) 3.225s (+2.5%) 0.848s 10 1.00x
▲ Vercel Next.js (Turbopack) 2.484s (-4.4%) 3.426s (~) 0.942s 10 1.04x
▲ Vercel Nitro 3.138s (+26.6% 🔺) 4.160s (+19.3% 🔺) 1.022s 10 1.32x

🔍 Observability: Express | Next.js (Turbopack) | Nitro

workflow with 10 sequential steps

💻 Local Development

World Framework Workflow Time Wall Time Overhead Samples vs Fastest
💻 Local 🥇 Next.js (Turbopack) 10.645s 11.021s 0.376s 3 1.00x
🌐 Redis Next.js (Turbopack) 10.722s 11.022s 0.300s 3 1.01x
💻 Local Nitro 10.831s (~) 11.022s (~) 0.191s 3 1.02x
💻 Local Express 10.832s (+2.3%) 11.023s (~) 0.191s 3 1.02x
🌐 MongoDB Next.js (Turbopack) 12.197s 13.013s 0.816s 3 1.15x
🐘 Postgres Next.js (Turbopack) 14.800s 15.041s 0.241s 2 1.39x
🐘 Postgres Nitro 20.247s (~) 21.059s (~) 0.812s 2 1.90x
🐘 Postgres Express 20.317s (~) 21.059s (~) 0.742s 2 1.91x

▲ Production (Vercel)

World Framework Workflow Time Wall Time Overhead Samples vs Fastest
▲ Vercel 🥇 Nitro 17.813s (-3.0%) 19.224s (-1.9%) 1.411s 2 1.00x
▲ Vercel Express 18.124s (-1.3%) 19.409s (-1.9%) 1.285s 2 1.02x
▲ Vercel Next.js (Turbopack) 22.613s (+19.3% 🔺) 24.038s (+18.8% 🔺) 1.425s 2 1.27x

🔍 Observability: Nitro | Express | Next.js (Turbopack)

workflow with 25 sequential steps

💻 Local Development

World Framework Workflow Time Wall Time Overhead Samples vs Fastest
🌐 Redis 🥇 Next.js (Turbopack) 26.857s 27.050s 0.193s 3 1.00x
💻 Local Next.js (Turbopack) 26.923s 27.053s 0.130s 3 1.00x
💻 Local Express 27.497s (+2.3%) 28.051s (+3.7%) 0.554s 3 1.02x
💻 Local Nitro 27.532s (~) 28.052s (~) 0.519s 3 1.03x
🌐 MongoDB Next.js (Turbopack) 30.454s 31.026s 0.571s 2 1.13x
🐘 Postgres Next.js (Turbopack) 37.396s 38.085s 0.689s 2 1.39x
🐘 Postgres Express 50.339s (~) 51.127s (+1.0%) 0.788s 2 1.87x
🐘 Postgres Nitro 50.541s (~) 51.128s (~) 0.588s 2 1.88x

▲ Production (Vercel)

World Framework Workflow Time Wall Time Overhead Samples vs Fastest
▲ Vercel 🥇 Next.js (Turbopack) 51.638s (+13.8% 🔺) 52.494s (+13.6% 🔺) 0.856s 2 1.00x
▲ Vercel Express 53.536s (+19.5% 🔺) 54.278s (+17.8% 🔺) 0.742s 2 1.04x
▲ Vercel Nitro 55.613s (+26.3% 🔺) 56.634s (+24.7% 🔺) 1.021s 2 1.08x

🔍 Observability: Next.js (Turbopack) | Express | Nitro

workflow with 50 sequential steps

💻 Local Development

World Framework Workflow Time Wall Time Overhead Samples vs Fastest
🌐 Redis 🥇 Next.js (Turbopack) 54.454s 55.097s 0.643s 2 1.00x
💻 Local Next.js (Turbopack) 56.008s 56.107s 0.099s 2 1.03x
💻 Local Express 57.304s (+2.3%) 58.098s (+3.6%) 0.794s 2 1.05x
💻 Local Nitro 57.494s (~) 58.106s (~) 0.612s 2 1.06x
🌐 MongoDB Next.js (Turbopack) 60.847s 61.065s 0.218s 2 1.12x
🐘 Postgres Next.js (Turbopack) 71.530s 72.161s 0.631s 2 1.31x
🐘 Postgres Nitro 100.228s (~) 100.234s (-1.0%) 0.006s 1 1.84x
🐘 Postgres Express 100.245s (~) 101.244s (+1.0%) 0.999s 1 1.84x

▲ Production (Vercel)

World Framework Workflow Time Wall Time Overhead Samples vs Fastest
▲ Vercel 🥇 Nitro 91.956s (+2.0%) 92.604s (+1.0%) 0.648s 1 1.00x
▲ Vercel Next.js (Turbopack) 97.319s (+5.3% 🔺) 99.055s (+6.1% 🔺) 1.736s 1 1.06x
▲ Vercel Express 105.381s (+17.3% 🔺) 106.071s (+16.4% 🔺) 0.690s 1 1.15x

🔍 Observability: Nitro | Next.js (Turbopack) | Express

Promise.all with 10 concurrent steps

💻 Local Development

World Framework Workflow Time Wall Time Overhead Samples vs Fastest
🌐 Redis 🥇 Next.js (Turbopack) 1.243s 2.006s 0.763s 15 1.00x
💻 Local Next.js (Turbopack) 1.387s 2.005s 0.618s 15 1.12x
💻 Local Express 1.411s (+2.9%) 2.006s (~) 0.595s 15 1.13x
💻 Local Nitro 1.438s (+1.8%) 2.006s (~) 0.568s 15 1.16x
🐘 Postgres Next.js (Turbopack) 2.038s 2.297s 0.259s 14 1.64x
🌐 MongoDB Next.js (Turbopack) 2.137s 3.007s 0.870s 10 1.72x
🐘 Postgres Express 2.294s (+2.7%) 3.015s (~) 0.721s 10 1.84x
🐘 Postgres Nitro 2.309s (-4.4%) 3.014s (~) 0.705s 10 1.86x

▲ Production (Vercel)

World Framework Workflow Time Wall Time Overhead Samples vs Fastest
▲ Vercel 🥇 Nitro 2.812s (+9.3% 🔺) 3.766s (+10.0% 🔺) 0.954s 8 1.00x
▲ Vercel Express 2.869s (+11.7% 🔺) 3.963s (+14.6% 🔺) 1.094s 8 1.02x
▲ Vercel Next.js (Turbopack) 3.053s (-0.7%) 3.991s (-3.9%) 0.938s 8 1.09x

🔍 Observability: Nitro | Express | Next.js (Turbopack)

Promise.all with 25 concurrent steps

💻 Local Development

World Framework Workflow Time Wall Time Overhead Samples vs Fastest
💻 Local 🥇 Next.js (Turbopack) 2.404s 3.007s 0.603s 10 1.00x
🌐 Redis Next.js (Turbopack) 2.475s 3.007s 0.532s 10 1.03x
💻 Local Express 2.592s (+10.4% 🔺) 3.007s (~) 0.416s 10 1.08x
💻 Local Nitro 2.694s (+2.9%) 3.008s (~) 0.314s 10 1.12x
🌐 MongoDB Next.js (Turbopack) 4.678s 5.176s 0.498s 6 1.95x
🐘 Postgres Express 8.735s (-0.5%) 9.032s (-2.8%) 0.297s 4 3.63x
🐘 Postgres Nitro 9.251s (-3.1%) 9.787s (-2.5%) 0.537s 4 3.85x
🐘 Postgres Next.js (Turbopack) 10.773s 11.036s 0.263s 3 4.48x

▲ Production (Vercel)

World Framework Workflow Time Wall Time Overhead Samples vs Fastest
▲ Vercel 🥇 Nitro 2.707s (-33.0% 🟢) 3.539s (-33.9% 🟢) 0.832s 9 1.00x
▲ Vercel Next.js (Turbopack) 2.980s (+8.6% 🔺) 3.991s (+9.8% 🔺) 1.010s 8 1.10x
▲ Vercel Express 3.179s (+8.9% 🔺) 4.159s (+6.4% 🔺) 0.981s 8 1.17x

🔍 Observability: Nitro | Next.js (Turbopack) | Express

Promise.all with 50 concurrent steps

💻 Local Development

World Framework Workflow Time Wall Time Overhead Samples vs Fastest
🌐 Redis 🥇 Next.js (Turbopack) 4.080s 4.867s 0.786s 7 1.00x
💻 Local Next.js (Turbopack) 6.763s 7.215s 0.452s 5 1.66x
💻 Local Express 7.457s (+15.1% 🔺) 8.016s (+14.3% 🔺) 0.559s 4 1.83x
💻 Local Nitro 7.814s (+5.0% 🔺) 8.271s (+3.1%) 0.456s 4 1.92x
🌐 MongoDB Next.js (Turbopack) 9.892s 10.346s 0.454s 3 2.42x
🐘 Postgres Nitro 47.939s (+4.4%) 48.145s (+4.4%) 0.206s 1 11.75x
🐘 Postgres Express 49.134s (+4.8%) 50.148s (+6.4% 🔺) 1.014s 1 12.04x
🐘 Postgres Next.js (Turbopack) 50.848s 51.123s 0.275s 1 12.46x

▲ Production (Vercel)

World Framework Workflow Time Wall Time Overhead Samples vs Fastest
▲ Vercel 🥇 Nitro 6.480s (+59.1% 🔺) 7.709s (+49.5% 🔺) 1.229s 5 1.00x
▲ Vercel Express 7.002s (+92.1% 🔺) 8.127s (+74.4% 🔺) 1.125s 4 1.08x
▲ Vercel Next.js (Turbopack) 9.671s (+131.0% 🔺) 10.844s (+107.7% 🔺) 1.172s 3 1.49x

🔍 Observability: Nitro | Express | Next.js (Turbopack)

Promise.race with 10 concurrent steps

💻 Local Development

World Framework Workflow Time Wall Time Overhead Samples vs Fastest
🌐 Redis 🥇 Next.js (Turbopack) 1.262s 2.006s 0.744s 15 1.00x
💻 Local Next.js (Turbopack) 1.421s 2.004s 0.583s 15 1.13x
💻 Local Nitro 1.422s (+1.2%) 2.005s (~) 0.583s 15 1.13x
💻 Local Express 1.424s (+3.8%) 2.005s (~) 0.581s 15 1.13x
🐘 Postgres Nitro 2.029s (+12.2% 🔺) 2.397s (~) 0.368s 13 1.61x
🐘 Postgres Express 2.049s (-6.0% 🟢) 2.924s (+6.7% 🔺) 0.875s 11 1.62x
🐘 Postgres Next.js (Turbopack) 2.153s 2.830s 0.678s 11 1.71x
🌐 MongoDB Next.js (Turbopack) 2.172s 3.008s 0.836s 10 1.72x

▲ Production (Vercel)

World Framework Workflow Time Wall Time Overhead Samples vs Fastest
▲ Vercel 🥇 Next.js (Turbopack) 2.393s (-2.3%) 3.369s (-3.4%) 0.977s 9 1.00x
▲ Vercel Nitro 2.671s (+11.6% 🔺) 3.622s (+7.4% 🔺) 0.951s 9 1.12x
▲ Vercel Express 3.523s (+21.1% 🔺) 4.331s (+13.5% 🔺) 0.807s 8 1.47x

🔍 Observability: Next.js (Turbopack) | Nitro | Express

Promise.race with 25 concurrent steps

💻 Local Development

World Framework Workflow Time Wall Time Overhead Samples vs Fastest
💻 Local 🥇 Next.js (Turbopack) 2.457s 3.007s 0.551s 10 1.00x
🌐 Redis Next.js (Turbopack) 2.494s 3.008s 0.514s 10 1.02x
💻 Local Express 2.738s (+10.3% 🔺) 3.007s (~) 0.269s 10 1.11x
💻 Local Nitro 2.796s (+3.7%) 3.009s (~) 0.213s 10 1.14x
🌐 MongoDB Next.js (Turbopack) 4.673s 5.176s 0.503s 6 1.90x
🐘 Postgres Express 8.599s (-30.0% 🟢) 9.278s (-25.0% 🟢) 0.679s 4 3.50x
🐘 Postgres Nitro 10.123s (-11.0% 🟢) 10.699s (-11.1% 🟢) 0.577s 3 4.12x
🐘 Postgres Next.js (Turbopack) 12.685s 13.369s 0.684s 3 5.16x

▲ Production (Vercel)

World Framework Workflow Time Wall Time Overhead Samples vs Fastest
▲ Vercel 🥇 Express 2.463s (-17.8% 🟢) 3.257s (-14.2% 🟢) 0.794s 10 1.00x
▲ Vercel Nitro 2.514s (+3.1%) 3.472s (+5.6% 🔺) 0.957s 9 1.02x
▲ Vercel Next.js (Turbopack) 3.549s (+22.9% 🔺) 4.411s (+14.9% 🔺) 0.863s 7 1.44x

🔍 Observability: Express | Nitro | Next.js (Turbopack)

Promise.race with 50 concurrent steps

💻 Local Development

World Framework Workflow Time Wall Time Overhead Samples vs Fastest
🌐 Redis 🥇 Next.js (Turbopack) 4.108s 4.868s 0.760s 7 1.00x
💻 Local Next.js (Turbopack) 7.195s 7.613s 0.418s 5 1.75x
💻 Local Express 7.955s (+9.6% 🔺) 8.770s (+9.4% 🔺) 0.815s 4 1.94x
💻 Local Nitro 8.409s (+5.9% 🔺) 9.022s (+9.1% 🔺) 0.614s 4 2.05x
🌐 MongoDB Next.js (Turbopack) 9.893s 10.347s 0.455s 3 2.41x
🐘 Postgres Express 46.892s (-4.8%) 47.127s (-6.0% 🟢) 0.235s 1 11.41x
🐘 Postgres Nitro 48.666s (-0.9%) 49.118s (-2.0%) 0.452s 1 11.85x
🐘 Postgres Next.js (Turbopack) 54.890s 55.134s 0.244s 1 13.36x

▲ Production (Vercel)

World Framework Workflow Time Wall Time Overhead Samples vs Fastest
▲ Vercel 🥇 Nitro 5.362s (-25.5% 🟢) 6.455s (-24.5% 🟢) 1.093s 5 1.00x
▲ Vercel Next.js (Turbopack) 6.379s (-11.7% 🟢) 7.613s (-11.1% 🟢) 1.234s 5 1.19x
▲ Vercel Express 7.040s (+61.0% 🔺) 8.169s (+49.1% 🔺) 1.129s 4 1.31x

🔍 Observability: Nitro | Next.js (Turbopack) | Express

Stream Benchmarks (includes TTFB metrics)
workflow with stream

💻 Local Development

World Framework Workflow Time TTFB Slurp Wall Time Overhead Samples vs Fastest
💻 Local 🥇 Next.js (Turbopack) 0.131s 1.001s 0.010s 1.016s 0.885s 10 1.00x
🌐 Redis Next.js (Turbopack) 0.144s 1.000s 0.001s 1.007s 0.863s 10 1.10x
💻 Local Express 0.172s (+49.6% 🔺) 1.002s (~) 0.011s (-1.9%) 1.015s (~) 0.843s 10 1.31x
💻 Local Nitro 0.177s (+2.0%) 1.003s (~) 0.011s (+1.9%) 1.017s (~) 0.840s 10 1.35x
🌐 MongoDB Next.js (Turbopack) 0.483s 0.965s 0.001s 1.008s 0.525s 10 3.68x
🐘 Postgres Next.js (Turbopack) 0.697s 0.860s 0.001s 1.010s 0.313s 10 5.30x
🐘 Postgres Nitro 2.335s (-4.7%) 2.709s (+4.6%) 0.001s (~) 3.015s (~) 0.681s 10 17.77x
🐘 Postgres Express 2.351s (+2.6%) 2.693s (-2.1%) 0.001s (-7.1% 🟢) 3.015s (~) 0.664s 10 17.89x

▲ Production (Vercel)

World Framework Workflow Time TTFB Slurp Wall Time Overhead Samples vs Fastest
▲ Vercel 🥇 Nitro 1.927s (-9.8% 🟢) 2.645s (~) 0.216s (-14.7% 🟢) 3.413s (-0.9%) 1.486s 10 1.00x
▲ Vercel Express 2.045s (-6.0% 🟢) 2.711s (-2.9%) 0.150s (-46.1% 🟢) 3.455s (-6.1% 🟢) 1.410s 10 1.06x
▲ Vercel Next.js (Turbopack) 2.120s (-10.3% 🟢) 2.769s (+4.0%) 0.166s (-38.3% 🟢) 3.524s (-1.9%) 1.404s 10 1.10x

🔍 Observability: Nitro | Express | Next.js (Turbopack)

Summary

Fastest Framework by World

Winner determined by most benchmark wins

World 🥇 Fastest Framework Wins
💻 Local Next.js (Turbopack) 11/12
🐘 Postgres Next.js (Turbopack) 6/12
▲ Vercel Nitro 7/12
Fastest World by Framework

Winner determined by most benchmark wins

Framework 🥇 Fastest World Wins
Express 💻 Local 9/12
Next.js (Turbopack) 💻 Local 6/12
Nitro 💻 Local 9/12
Column Definitions
  • Workflow Time: Runtime reported by workflow (completedAt - createdAt) - primary metric
  • TTFB: Time to First Byte - time from workflow start until first stream byte received (stream benchmarks only)
  • Slurp: Time from first byte to complete stream consumption (stream benchmarks only)
  • Wall Time: Total testbench time (trigger workflow + poll for result)
  • Overhead: Testbench overhead (Wall Time - Workflow Time)
  • Samples: Number of benchmark iterations run
  • vs Fastest: How much slower compared to the fastest configuration for this benchmark

Worlds:

  • 💻 Local: In-memory filesystem world (local development)
  • 🐘 Postgres: PostgreSQL database world (local development)
  • ▲ Vercel: Vercel production/preview deployment
  • 🌐 Turso: Community world (local development)
  • 🌐 MongoDB: Community world (local development)
  • 🌐 Redis: Community world (local development)
  • 🌐 Jazz: Community world (local development)

📋 View full workflow run

@github-actions
Copy link
Copy Markdown
Contributor

github-actions Bot commented Feb 13, 2026
edited
Loading

🧪 E2E Test Results

Some tests failed

Summary

Passed Failed Skipped Total
✅ ▲ Vercel Production 501 0 38 539
✅ 💻 Local Development 520 0 68 588
✅ 📦 Local Production 520 0 68 588
✅ 🐘 Local Postgres 520 0 68 588
✅ 🪟 Windows 46 0 3 49
❌ 🌍 Community Worlds 105 42 9 156
✅ 📋 Other 126 0 21 147
Total 2338 42 275 2655

❌ Failed Tests

🌍 Community Worlds (42 failed)

turso (42 failed):

  • addTenWorkflow
  • addTenWorkflow
  • should work with react rendering in step
  • promiseAllWorkflow
  • promiseRaceWorkflow
  • promiseAnyWorkflow
  • hookWorkflow
  • webhookWorkflow
  • sleepingWorkflow
  • nullByteWorkflow
  • workflowAndStepMetadataWorkflow
  • fetchWorkflow
  • promiseRaceStressTestWorkflow
  • error handling error propagation workflow errors nested function calls preserve message and stack trace
  • error handling error propagation workflow errors cross-file imports preserve message and stack trace
  • error handling error propagation step errors basic step error preserves message and stack trace
  • error handling error propagation step errors cross-file step error preserves message and function names in stack
  • error handling retry behavior regular Error retries until success
  • error handling retry behavior FatalError fails immediately without retries
  • error handling retry behavior RetryableError respects custom retryAfter delay
  • error handling retry behavior maxRetries=0 disables retries
  • error handling retry behavior workflow completes despite transient 5xx on step_completed
  • error handling catchability FatalError can be caught and detected with FatalError.is()
  • hookCleanupTestWorkflow - hook token reuse after workflow completion
  • concurrent hook token conflict - two workflows cannot use the same hook token simultaneously
  • stepFunctionPassingWorkflow - step function references can be passed as arguments (without closure vars)
  • stepFunctionWithClosureWorkflow - step function with closure variables passed as argument
  • closureVariableWorkflow - nested step functions with closure variables
  • spawnWorkflowFromStepWorkflow - spawning a child workflow using start() inside a step
  • health check (queue-based) - workflow and step endpoints respond to health check messages
  • pathsAliasWorkflow - TypeScript path aliases resolve correctly
  • Calculator.calculate - static workflow method using static step methods from another class
  • AllInOneService.processNumber - static workflow method using sibling static step methods
  • ChainableService.processWithThis - static step methods using this to reference the class
  • thisSerializationWorkflow - step function invoked with .call() and .apply()
  • customSerializationWorkflow - custom class serialization with WORKFLOW_SERIALIZE/WORKFLOW_DESERIALIZE
  • instanceMethodStepWorkflow - instance methods with "use step" directive
  • crossContextSerdeWorkflow - classes defined in step code are deserializable in workflow context
  • stepFunctionAsStartArgWorkflow - step function reference passed as start() argument
  • pages router addTenWorkflow via pages router
  • pages router promiseAllWorkflow via pages router
  • pages router sleepingWorkflow via pages router

Details by Category

✅ ▲ Vercel Production
App Passed Failed Skipped
✅ astro 45 0 4
✅ example 45 0 4
✅ express 45 0 4
✅ fastify 45 0 4
✅ hono 45 0 4
✅ nextjs-turbopack 48 0 1
✅ nextjs-webpack 48 0 1
✅ nitro 45 0 4
✅ nuxt 45 0 4
✅ sveltekit 45 0 4
✅ vite 45 0 4
✅ 💻 Local Development
App Passed Failed Skipped
✅ astro-stable 42 0 7
✅ express-stable 42 0 7
✅ fastify-stable 42 0 7
✅ hono-stable 42 0 7
✅ nextjs-turbopack-canary 46 0 3
✅ nextjs-turbopack-stable 46 0 3
✅ nextjs-webpack-canary 46 0 3
✅ nextjs-webpack-stable 46 0 3
✅ nitro-stable 42 0 7
✅ nuxt-stable 42 0 7
✅ sveltekit-stable 42 0 7
✅ vite-stable 42 0 7
✅ 📦 Local Production
App Passed Failed Skipped
✅ astro-stable 42 0 7
✅ express-stable 42 0 7
✅ fastify-stable 42 0 7
✅ hono-stable 42 0 7
✅ nextjs-turbopack-canary 46 0 3
✅ nextjs-turbopack-stable 46 0 3
✅ nextjs-webpack-canary 46 0 3
✅ nextjs-webpack-stable 46 0 3
✅ nitro-stable 42 0 7
✅ nuxt-stable 42 0 7
✅ sveltekit-stable 42 0 7
✅ vite-stable 42 0 7
✅ 🐘 Local Postgres
App Passed Failed Skipped
✅ astro-stable 42 0 7
✅ express-stable 42 0 7
✅ fastify-stable 42 0 7
✅ hono-stable 42 0 7
✅ nextjs-turbopack-canary 46 0 3
✅ nextjs-turbopack-stable 46 0 3
✅ nextjs-webpack-canary 46 0 3
✅ nextjs-webpack-stable 46 0 3
✅ nitro-stable 42 0 7
✅ nuxt-stable 42 0 7
✅ sveltekit-stable 42 0 7
✅ vite-stable 42 0 7
✅ 🪟 Windows
App Passed Failed Skipped
✅ nextjs-turbopack 46 0 3
❌ 🌍 Community Worlds
App Passed Failed Skipped
✅ mongodb-dev 3 0 0
✅ mongodb 46 0 3
✅ redis-dev 3 0 0
✅ redis 46 0 3
✅ turso-dev 3 0 0
❌ turso 4 42 3
✅ 📋 Other
App Passed Failed Skipped
✅ e2e-local-dev-nest-stable 42 0 7
✅ e2e-local-postgres-nest-stable 42 0 7
✅ e2e-local-prod-nest-stable 42 0 7

📋 View full workflow run

Copilot AI review requested due to automatic review settings February 13, 2026 21:19
Copilot AI reviewed Feb 13, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR replaces manual authentication file reading with the @vercel/cli-auth package, adding automatic OAuth token refresh functionality. Previously, the CLI would read the auth token from disk without any refresh logic, causing API calls to fail when tokens expired. Now, getAuthToken() automatically checks token expiry and refreshes expired tokens using stored refresh tokens.

Changes:

  • Integrated @vercel/cli-auth package (v0.0.1) for credential management and OAuth refresh
  • Refactored authentication logic to support automatic token refresh before expiry
  • Simplified error messages by removing references to manual vercel env pull commands

Reviewed changes

Copilot reviewed 6 out of 7 changed files in this pull request and generated 5 comments.

Show a summary per file
File Description
pnpm-lock.yaml Added @vercel/cli-auth@0.0.1 and its dependencies (async-listen, open@8.4.0)
packages/cli/package.json Added @vercel/cli-auth as a dependency
packages/cli/src/lib/inspect/auth.ts Complete refactor: replaced manual file reading with CredentialsStore and added OAuth token refresh logic
packages/cli/src/lib/inspect/env.ts Updated to use async getAuthToken() instead of sync getAuth()
packages/cli/src/lib/inspect/vercel-api.ts Removed reference to vercel env pull from error message
packages/errors/src/index.ts Removed reference to vercel env pull from VERCEL_403_ERROR_MESSAGE
.changeset/free-carrots-repair.md Added changeset documenting the change
Files not reviewed (1)
  • pnpm-lock.yaml: Language not supported

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Comment thread packages/cli/src/lib/inspect/auth.ts
Comment on lines +58 to +61
const userAgent = getUserAgent({
name: '@workflow/cli',
version: '0.0.0',
});
Copy link

Copilot AI Feb 13, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The version is hardcoded as '0.0.0' but should use the actual CLI version. Other commands in the codebase use this.config.version from oclif to get the version dynamically. However, since this is not in a command class context, consider passing the version as a parameter to getAuthToken() or importing it from package.json. This is important for proper user-agent tracking and debugging.

Copilot uses AI. Check for mistakes.
Comment thread packages/cli/src/lib/inspect/auth.ts
)(app);
};
const nowInSeconds = Math.floor(Date.now() / 1000);
if (credentials.expiresAt >= nowInSeconds) {
Copy link

Copilot AI Feb 13, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The token expiry check uses >= which means a token is considered valid even when expiresAt equals the current time. This could lead to using an expired token. Consider using > instead to ensure the token has not yet expired, or add a small buffer (e.g., 60 seconds) to refresh tokens before they actually expire.

Suggested change
if (credentials.expiresAt >= nowInSeconds) {
if (credentials.expiresAt > nowInSeconds) {

Copilot uses AI. Check for mistakes.
Comment thread packages/cli/src/lib/inspect/auth.ts
Comment on lines +27 to 88
export async function getAuthToken(): Promise<string | null> {
let credentials: Credentials;
try {
credentials = store.get();
} catch {
return null;
}
if (!credentials?.token) {
return null;
}

import fs from 'node:fs';
import path from 'node:path';
import XDGAppPaths from 'xdg-app-paths';
import { z } from 'zod';
// If there's no expiration info, assume the token is valid
// (e.g. legacy tokens without OAuth)
if (typeof credentials.expiresAt !== 'number') {
return credentials.token;
}

// Types aren't inferred correctly. Typescript wants us to call `.default` on the imported module,
// but the actual underlying JS code exposes the code top-level, so we need to cast it here.
const getXDGAppPaths = (app: string) => {
return (
XDGAppPaths as unknown as (app: string) => { dataDirs: () => string[] }
)(app);
};
const nowInSeconds = Math.floor(Date.now() / 1000);
if (credentials.expiresAt >= nowInSeconds) {
// Token is still valid
return credentials.token;
}

const vercelDirectories = getXDGAppPaths('com.vercel.cli').dataDirs();
// Token is expired — attempt refresh
if (!credentials.refreshToken) {
logger.debug('Auth token expired and no refresh token available');
return null;
}

const AuthFile = z.object({
token: z.string().min(1),
refresh_token: z.string().min(1).optional(),
expiresAt: z.number().optional(),
});
logger.debug('Auth token expired, refreshing via OAuth...');
try {
const userAgent = getUserAgent({
name: '@workflow/cli',
version: '0.0.0',
});

type AuthFile = z.infer<typeof AuthFile>;
const oauth = OAuth({
issuer: VERCEL_ISSUER,
clientId: VERCEL_CLI_CLIENT_ID,
userAgent,
});
const client = await oauth.init();
const tokenSet = await client.refreshToken(credentials.refreshToken);

// Returns whether a directory exists
const isDirectory = (path: string): boolean => {
try {
return fs.lstatSync(path).isDirectory();
} catch (_) {
// We don't care which kind of error occured, it isn't a directory anyway.
return false;
}
};
const updatedCredentials = {
...credentials,
token: tokenSet.access_token,
expiresAt: Math.floor(Date.now() / 1000) + tokenSet.expires_in,
...(tokenSet.refresh_token
? { refreshToken: tokenSet.refresh_token }
: {}),
};

// Returns in which directory the config should be present
const getGlobalPathConfig = (): string => {
// The customPath flag is the preferred location,
// followed by the vercel directory.
// (Legacy "now" directory is no longer supported)
// If none of those exist, use the vercel directory.
return (
vercelDirectories.find((configPath) => isDirectory(configPath)) ||
vercelDirectories[0]
);
};
store.update(updatedCredentials);
logger.debug('Auth token refreshed successfully');

export const getAuth = () => {
try {
const pathname = path.join(getGlobalPathConfig(), 'auth.json');
return AuthFile.parse(JSON.parse(fs.readFileSync(pathname, 'utf8')));
} catch {
return tokenSet.access_token;
} catch (error) {
logger.debug('Failed to refresh auth token:', error);
return null;
}
};

export async function updateAuthConfig(
config: Partial<AuthFile>
): Promise<void> {
const pathname = path.join(getGlobalPathConfig(), 'auth.json');
fs.mkdirSync(path.dirname(pathname), { recursive: true });
fs.writeFileSync(pathname, JSON.stringify(config, null, 2) + '\n');
}
Copy link

Copilot AI Feb 13, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The token refresh logic lacks protection against concurrent refresh attempts. If getAuthToken() is called multiple times simultaneously while a token is expired, multiple refresh requests could be initiated in parallel, potentially causing race conditions. Consider implementing a mutex or promise caching mechanism to ensure only one refresh happens at a time.

Copilot uses AI. Check for mistakes.
Comment thread packages/cli/src/lib/inspect/auth.ts
let credentials: Credentials;
try {
credentials = store.get();
} catch {
Copy link

Copilot AI Feb 13, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The error when reading credentials is caught and silently ignored. While this may be intentional for cases where credentials don't exist, it also silently hides other errors like permission issues or corrupted files. Consider logging these errors at debug level to aid troubleshooting, similar to how refresh errors are logged at line 85.

Suggested change
} catch {
} catch (error) {
logger.debug('Failed to read auth credentials from store:', error);

Copilot uses AI. Check for mistakes.
Comment thread packages/cli/package.json
"@workflow/builders": "workspace:*",
"@workflow/swc-plugin": "workspace:*",
"@workflow/utils": "workspace:*",
"@vercel/cli-auth": "0.0.1",
Copy link

Copilot AI Feb 13, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The @vercel/cli-auth package is at version 0.0.1, which indicates it's in very early development. Using such an early version in production could be risky as the API may be unstable and subject to breaking changes. Consider verifying that this is the intended version and that it's stable enough for production use.

Suggested change
"@vercel/cli-auth": "0.0.1",
"@vercel/cli-auth": "^1.0.0",

Copilot uses AI. Check for mistakes.
@TooTallNate TooTallNate enabled auto-merge (squash) February 13, 2026 21:25
@TooTallNate TooTallNate merged commit 8cfb438 into main Feb 13, 2026
160 of 171 checks passed
@TooTallNate TooTallNate deleted the 02-13-use_vercel_cli-auth_for_auth_token_reading_and_oauth_refresh branch February 13, 2026 21:46
@vercel-release-bot vercel-release-bot mentioned this pull request Feb 13, 2026
Merged
This was referenced Feb 13, 2026
Open
Closed
Open
Open
Closed
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@ijjk ijjk ijjk approved these changes

@VaguelySerious VaguelySerious VaguelySerious approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@TooTallNate @ijjk @VaguelySerious